5 Takeaways from the Cisco 2018 Annual Cyber Security Report

Cisco Annual Cybersecurity Report 2018

Cloud abuse on the rise according to Cisco Security Report

Cisco’s Annual Cyber Security Report 2018 provides an insightful account into the changing cyber security landscape. This article summarises some findings of the report pertaining to cloud security.
Some main take aways from the report that will be discussed in this blog include:
  • Legitimate cloud services such as Twitter and Amazon being used by attackers to scale their activities
  • Machine-Learning is being used to capture download behaviour
  • Cloud Security is a shared responsibility between organisations and its provider
  • There is an increase of belief in the benefits of cloud security
  • Cloud abuse is on the rise
According to the report, increased security was the principle reason security professionals gave for organisations deciding to host corporate applications in the cloud.
Fifty seven percent believe the cloud offers better data security
Organisations who have a security operations team are likely to have a well defined cloud security approach that may include the adoption of Cloud Access Security Broker (CASB) as they deploy to the cloud.
Many smaller organisations however are adopting cloud services without a clear security strategy, there is therefore a blurring of the security boundaries where many organisations are not certain about where their responsibilities end and where the responsibility of the cloud provider starts.
Security in the cloud is a shared responsibility: Cloud Security, DNS, IaaS PaaS Saas
Security in the cloud is a shared responsibility
Cyber attackers are increasingly taking advantage of this blurring of the boundaries to exploit systems.
An increasing trend amongst cyber attackers is to use legitimate cloud services to host malware and command and control infrastructure. Public clouds that have been used for malware activity include Amazon, Google, DropBox and Microsoft.
This makes it doubly difficult for security teams to identify bad domains and take protective measures without risking significant commercial impact caused by denying user access to legitimate business services.
Examples of legitimate services abused by malware for C2
The misuse of legitimate services is attractive to cyber attackers for a number of reasons;
  • Easy to register a new account and set up a web page
  • Adopt use of legitimate SSL certificate
  • Services can be adapted and transformed on the fly
  • Reuse of domain and resources for multiple malware campaigns
  • Less likely that infrastructure will be ‘burned’ (service can just be taken down) with little evidence of its purpose
  • Reduce overhead for attacker and better return on investment
Cyber attackers are effectively using legitimate and well known cloud infrastructure with their attendant benefits; ease of scale, trusted brand and secure features such as SSL. This enables them to scale their activity with less likelihood of detection if current protection methods are retained.
The challenges posed for the security teams defending organisations from these new threats call for a more sophisticated approach because in effect you need to block services that users are trying to access for legitimate work such as Amazon or Dropbox. Furthermore, the legitimate services are encrypted and so malware will be encrypted and evade most forms of threat inspection techniques– the threat will only become apparent after it has been activated on a host.
Intelligent cloud security tools will need to be deployed to help identify malware domains and sub-domains using legitimate cloud services. Such tools can also be used to further analyse related malware characteristics such as associated IP addresses, related domains and the registrant’s details.
An emerging and valuable approach to detect anomalous behaviour is machine learning.
Machine learning algorithms can be used to characterise normal user activity, unusual activity can be identified, and action taken automatically.
Machine-learning algorithms capture user download behaviour 2017
To meet the range of challenges presented by cloud adoption,
organisations need to apply a combination of best practices, advanced security technologies, and some experimental methodologies especially where they need to overcome the use of legitimate services by cyber attackers.

Would you like to learn more? Claim your Free copy of our latest eBook “A View of the Cyber Threat Landscape”. Click here.

I made a call, the customer said no, but I loved it

 

We have been doing our cloud security blog now for a couple of weeks and decided to start to speak directly to some of the contacts who had been reading the blogs. I spoke to one contact from the legal sector (who shall remain nameless) who gave some very interesting feedback.

 

The bad news is that the call did not end up in a sale or a trial of the software, and they didn’t want to meet with us or try out any of our services so there is no fairy tale ending here.

 

What was more interesting was that the customer said about Umbrella cloud security and his current IT partner.

 

On the subject of Cisco Umbrella, he said they had been using it for over a year now and “it was absolutely brilliant”. The ability to automatically block bad domains and to investigate suspected threats was extremely good and he was very happy that they had decided to deploy the product.
Furthermore, he said it was introduced to him by their IT provider whom they have worked with for nearly 10 years now. He said it was a very strong partnership where they had offered an exceptional quality of service, they weren’t the cheapest but it would just be silly for them to look elsewhere at this stage because you get what you pay for and they certainly were getting very good value for money. He felt it would be silly of them to be looking to change under such circumstances. I said to him I hoped my customers felt the same way about the service we provide as we certainly strive to differentiate ourselves in this way. He thanked me for the call and we went t our separate ways.

 

Wow this is what I have been banging on about for what seems a lifetime, it’s not about being the cheapest or biggest, but rather about providing good value for money.

 

What was even more satisfying is the fact that he appreciated what we had been writing about in terms of cloud security and the importance of DNS security. He was totally happy with the Umbrella product and now couldn’t see them operating without it.

 

So I am really happy that though this customer said no to us, they endorsed what we believe and what we have been banging the drum about.

 

Protect yourself against 92% of malware threats that can be stopped at source via secure DNS. The free trial is waiting for you to just click the link and be up and running in 5 minutes. It will be the best cyber security click you’ve ever made.

Test the solution yourself! Free 14 day trial 

What Will You Pay? Costs of a Cyber Attack

What will you pay?

With a 750% increase in ransomware attacks in 2016, a first layer of defense is needed.

View the infographic for new proactive strategies with Cisco Umbrella and keep your business protected.

Click here to view the infographic

Take Control with CASB and DNS

Its been a cloudy blog of a fortnight (pardon the pun but I couldn’t help it). To summarise we have been looking at the changing IT landscape and the consequent change in the threat landscape. We then looked at how organisations need to change their approach to cloud security to address this new reality.

 

The age of digitisation is bringing about a dramatic change to the IT landscape. Digitisation is about new efficient ways of doing things at scale. It’s about automation and new ways of engagement with customers in a way that suits them and at a time that suits them.

 

Digitisation is turning century old industries on its head as new players emerge that are agile, visionary and creative at a rate it’s outpacing their peers.

 

The new IT landscape is about DevOps “scoring an end goal” around or despite IT. Being applied to conceive and deploy apps in a fraction of the time it used to take using a conventional approach. Its about using the cloud to take advantage of Infrastructure, Platform or Software as a Service and being able to globally scale an application.

 

The new IT landscape is also about anytime anywhere access for users/employees. Power is being devolved to branch offices because they need better connectivity to access their new apps in the cloud. Analysts are saying that approximately 50% of users now access their applications remotely and 25% actually work remotely.

 

We also need to factor the explosive growth of IoT and the pervasive use of mobile devices to access the web.

 

Digitisation is a bright new horizon but it also brings major security headaches. Some of these include;

  • A massive increase in cyber attack landscape, more devices, more apps, more points of access
  • Increase in the number of alerts security teams need to process and understand
  • More applications to monitor and manageLack of visibility in what users are doing and how they are using apps
  • The growth of shadow IT exposing corporate information and services to attacks
  • Outdated non-cloud savvy security relative to the emerging landscape

 

Cyber attackers have evolved in sophistication to keep apace of the changes in IT. They constantly evolve their exploits, they are offering attacks as a service, they are using cloud scale computing power as well. Cisco’s annual cyber security report identifies that the scale and sophistication of attacks have increased over the past 12 months.

 

Security teams need to evolve their approach to security making it cloud centric with the ability to protect users and data anywhere anytime. Remember cloud services still require organisations to take responsibility for the security of their data. Gartner has identified that 95% of data breaches will be the fault of the end user.

 

Some of the essential tools that security need to include in their new armoury include secure DNS services as well as CASB services. DNS will block access to malware sites before they happen, or if a machine has been infected, it will block the command and control call back. CASB has the ability to monitor user activity in the cloud, profile applications in use and prevent data leakage. Both tools can also provide invaluable visibility into the normal behaviour of users and trigger protective actions and alerts as and when behaviour varies from the norm.

14 Day Free Trial of Cisco Umbrella

Get started in 30 seconds

No credit card or phone call required

 

WHAT IS INCLUDED?

  • Threat protection like no other — block malware, C2 callbacks, and phishing.
  • Predictive intelligence — automates threat protection by uncovering attacks before they launch.
  • Worldwide coverage in minutes — no hardware to install or software to maintain.
  • Weekly security report — get a personalized summary of malicious requests & more, directly to your inbox.
  • 1,000+ users? — You’re eligible for the Umbrella Security Report, a detailed post-trial analysis.

See how easy Umbrella is to instal

In the Cloud you need CASB: How to Secure the Cloud

We introduce another acronym yesterday, CASB (Cloud Access Security Broker) and we now expand on the features and benefits of deploying a CASB solution as we continue in our approach to cloud security. We noted in our previous blog that cloud security was a shared responsibility between service user and service provider. Gartner analysis indicates that by 2021, 27% of corporate data will bypass perimeter security. In addition by 2020, 95% of cloud security failures will be the customer’s fault.

 

Cloud Umbrella, DNS, Firewall, Cloud Security, Data Breach

 

Securing the cloud will need a robust security approach which includes features such as the ones outlined below;

 

Cloud User Security

Attackers are defeating today’s security controls that rely on the network perimeter, firewalls, or a specific platform. Activities across platforms are not correlated, making it difficult to identify suspicious behavioural patterns. At the same time, security teams are inundated with alerts that lack priority, useful information, or context. Faced with a flood of unhelpful notifications, the legitimate security breaches get overlooked. This problem is magnified with the use of cloud applications and platforms, as organisations often have little visibility into the activities of their users in their cloud environments.
A CASB can analyse user and entity behaviour, using the analytics to profile behaviour and detect and respond to anomalies in real time, while alerting security teams.

 

Cloud Data Security

The number one cloud security concern for organisations is storing sensitive data in the cloud. 53% of organisations rated this top of their list. A CASB is an effective solution to address this by enabling tuneable policies to be deployed to monitor and provide data loss prevention. In the event of a policy violation, a CASB can initiate an automated response mechanism that can notify users, encrypt connections and quarantine data as necessary.

 

Cloud Applications Security

Unauthorised cloud applications is now a major security hole being exploited by cyber attacks. Discovery and security rating of cloud applications are therefore another essential feature that is needed to determine compliance with the organisations security policy. The ability to also block or whitelist applications may also be a necessary measure for compliance.

 

Correctly configured the CASB solution should provide the following benefits;

  • Detect and respond to compromised accounts
  • Detect and respond to malicious insiders
  • Monitor and secure privileged accounts
  • Protect sensitive data in the cloud
  • Enable compliance with cloud data
  • Gain full visibility into cloud app usage
  • Block cloud malware
  • Secure cloud marketplace apps

Securing SaaS Applications: How to Secure the Cloud

Security in the cloud is a shared responsibility: Cloud Security, DNS, IaaS PaaS Saas

 

More organisations are adopting a cloud strategy to leverage cloud services and enjoy the associated speed of development and deployment. One of the biggest challenges, however, is creating the balance that provides an appropriate level of governance over the use of cloud applications that still empowers users to leverage these services.

 

We recently highlighted a news article (read it here) about a tool that was able to trawl through Amazon Web servers and access potentially sensitive data hosted by a number of organisations. The tool highlighted flaws in the configuration of servers in the cloud. This is a good example possibly of a rush to deployment that left good cyber security practices behind.


In this blog series, we have discussed the need for a pervasive cloud centric cyber security approach that not just protects the user but also the data.

 

Cloud service providers are responsible for the security of their infrastructure, while organisations that use those services are responsible for user activities on top of that infrastructure. Cloud service providers will build security into their platforms and environment, however, if the data is being accessed by the wrong person or used inappropriately, they will not be aware of that. Additionally, they do not know what applications an organisation has approved or disallowed. 

 

The cloud centric security approach, therefore, needs to have extensive visibility of who is accessing applications and data and how they are using it. The security approach must have the ability to identify malicious infrastructure and protect sensitive data from it. Compromised accounts need to be identified as well as potential malicious insiders. The emerging security tool that addresses this security concern is the cloud access security broker (CASB).

 

A cloud access security broker helps organisations address a range of cloud security vulnerabilities by providing visibility into the applications in use, profiling them from a risk perspective, and enforcing policies especially around data loss prevention (DLP) and user activity.

 

A good CASB implementation will also provide for the retrospective discovery of sensitive data and malware in cloud applications. The CASB should also integrate with network based entities to give visibility into real time data, threats in motion, as well as preview historical use of cloud applications.

 

In our next episode, we will take a deeper look at CASB and how they can work more effectively with other security tools to secure the cloud.

Free eBook: A View of the Cybercrime Threat Landscape

 

$2,235,018 per year

The average amount SMBs spent in the aftermath of a
cyber attack or data breach due to damage or theft of IT
assets and disruption to normal operations.

The amount is staggering, and enough to jeopardize the viability of
many companies. Yet the business benefits that come with the internet,
Cloud computing and other applications are impossible to forego
and remain competitive.

That’s why business owners and executives are asking one question:

  • Is our internet safe?

If your service provider can’t demonstrate how it is making you
company less likely to become a victim of cybercrime, then it is time
to consider alternatives.

In this eBook, we’ll outline what companies are up against
today, and how Cisco Umbrella can help bring you peace of mind.

Download the eBook here!

What Next?

 

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it? 

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what have you got to lose? 

Click here to start your trial! 

See how easy Umbrella is to installwatch this video 

Block 82% of cyber threats before they get you: How to secure the cloud

Cloud Security DNS

In our previous blogs, we looked at the changing IT landscape and how cyber security protection needs to change to meet the new challenges and threats.

 

  • We know that cloud adoption in the form of SaaS is pervasive.
  • Remote working is the norm providing increased flexibility, costs savings, higher productivity and generally a happier workforce.
  • More power is being devolved to branch locations as they contribute more to an organisation’s success.
  • Branches need more speed and direct internet access to more efficiently support the adoption of cloud.
  • IoT connectivity is growing apace as is mobile device connectivity which is outpacing fixed devices.
  • Cyber threats are increasing in scale and sophistication and we have experienced a number of attacks on a global scale, this trend is likely to increase and accelerate.

 

The rapidly changing IT landscape characterizes a new era of digitisation where IT adoption and automation of business processes is happening at a scale rarely seen before. The changes are bringing about a paradigm shift in our approach to providing cyber security where we need to essentially provide continuous, pervasive protection for known and unknown threats. As we continue in this series we discuss some technological approaches to delivering pervasive cloud centric security.

 

Securing DNS

We are aware of the pivotal role of DNS in getting us connected to literally any service we need to access, whether via email, web or a bespoke application. DNS is a service we always make use of. So how can securing a simple background process like DNS have a dramatic effect on an organisation’s cyber security posture?

 

DNS security can act as a form of perimeter security where the perimeter is pushed back to the source of the cyber threat. So the threat is initially blocked at the source or its point of origin. How this works is that the DNS points to a secure DNS service with up to date threat domain intelligence and machine learning that discovers and protects against emerging threats. Remember that 100% of organisations interact with known malware domains. Securing DNS will instantly block these connections as they are requested, as well as blocking future domains that have been identified as malware hosts.

 

If a previously infected device connects to the network or service, secure DNS will block the command and control call back to the malware domain and notify the security team.

 

This level of security is highly scalable in that it can be provided for an individual roaming client, a branch site or the organisation’s principle location.

 

Another useful feature is the ability to track normal behaviour for your organisation in terms of the rate and volume of requests over time. Anomalous behaviour can then be detected by comparing significant changes in normal behaviour.

 

A secure DNS solution will also provide detailed information about the malware domain such as IP addresses, associated domains and attacks associated with these domains. A robust, secure DNS solution could also provide a data feed into other security components in the organisation, thus sharing security updates that can be actioned elsewhere in the security stack.

 

In our next blog, we will take a look at how SaaS applications can be used in conjunction with secure DNS.

 

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it?

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what have you got to lose?

Click here to start your trial! 

See how easy Umbrella is to instalwatch this video 

Win Big by Securing DNS: How to Secure the Cloud

 

Adoption of cloud based technology and the proliferation of remote working is driving a new approach to security that needs to be omnipresent providing the highest practical levels of cyber security for the user, the network and the data.

 

We reviewed some of the features that were needed for this new security approach and the risks/challenges that needed to be addressed. Security analysts such as Gartner and IDC have a new security term that is relevant to this emerging security environment and have coined it the Security Internet Gateway. The principle function of the Secure Internet Gateway is to secure the cloud environment in the same way that we secure the on-premises environment.

 

Implementing a security platform in the cloud will break the limitations and constraints of centralised solutions. The security must be flexible in line with user access, virtualised to deliver security wherever it is needed and extend beyond just securing web protocols such as http and https. Most security vendors now offer cloud based security solutions and in many instances what they have done is taken a conventional security component such as Anti-Virus or Web Proxy services and deployed it in the cloud. While this may be a good start, a range of other technologies need also to be included in the security stack deployed to protect users and data.

 

When users connect to the web they must immediately undergo inspection and policy enforcement to ensure their connection is being done in a secure manner. These may include but not limited to;

 

  • Visibility and enforcement of policy on or off VPN
  • Security against threats from all ports and protocols
  • Inspection of web traffic and file inspection including behavioural sandboxing
  • Live threat intelligence from global internet activity with near real time updates
  • Visibility and control of SaaS applications

 

Clearly no single solution can provide all of these components, but a Secure Internet Gateway correctly specified could go a long way to providing many of these security measures. Secure DNS must be a major component of the functionality of Secure gateway because of its ability to stop a large swathe of attacks before they reach the user or the data.

 

We have outlined in previous blogs the pivotal role that DNS plays in almost all web based communications, yet DNS is not understood by most users. DNS is involved but not necessarily exploited in 92% of cyber attacks and therefore it can be used in a secured manner to block most attacks. Some examples are that 100% of organisations interact with known malware sites. If these are known to the DNS servers, they could block access with no impact on the user or performance.

 

Once a device is infected with ransomware it will need to make a command and control call to get the key needed to encrypt data. Again secure DNS could prevent this connection and thus block the attack in its track until the key is downloaded, the data cannot be encrypted. Deploying a cloud security solution that includes secure DNS is a quick way of effectively managing the risk of ransomware and stopping the execution of malware once a device is infected.

 

In our next episode, we will provide more details about how secure DNS works and how some of the other Secure Internet Gateway features can be implemented and employed.

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it?

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what have you got to lose?

Click here to start your trial! 

See how easy Umbrella is to instal: watch this video 

Covering the Cloud: How to Secure the Cloud

We have discussed the changing IT landscape as the age of digitisation gains traction and growth in connectivity continue apace. The cyber attack surface is increasing and so is the scale and sophistication of attacks as identified by Cisco in it’s latest annual cyber security report.

Security breaches will continue to happen because there is too much going on in the organisations’ systems to provide complete protection especially with the growing sophistication of threats. The approach to security needs to embrace an approach that provides not only for known but also unknown threats. The approach needs to address cyber security before, during and after a cyber attack.

Some of the key features that need to be addressed with this new cyber security approach include;

Visibility Control

Users will try to use whatever they can to get the job done. Organisations need visibility and control of what applications are being used in the cloud and remotely, especially with the growth of new SaaS applications. Visibility enables an understanding of what is being used in line with policy, what is out of policy and what is a threat. Visibility is the first step to controlling and securing the organisations environment based on what services should be provided.

Securing Cloud applications

As SaaS applications are increasingly being deployed in public clouds such as Amazon Web Services and Azure, it is vital to ensure that the cloud platform is secure. Even though the cloud providers will deploy their own security solutions, organisations also need to implement independent security systems to secure the user and the data as this is not the responsibility of the cloud provider.

Extend protection to the edge

As remote connectivity and branch networking trends increase in popularity, the security solution should be adaptable to extend the necessary features such as firewalling, threat management and anti-malware capabilities to the edge of the network as opposed to the current centralised deployment.

Virtualise the security architecture

The need for security is now pervasive at the client, the branch, the HQ as well as public and private clouds where SaaS applications are located. This necessitates the capability for a virtualised security architecture where the panoply of security functionality can be deployed easily at any location.

Threat intelligence

Most organisations deploy security components from multiple vendors. An intelligent approach to securing information and systems in the emerging environment must make use of threat intelligence. This is the ability to take intelligence feeds from other sources such as other security vendors feed and make context based threat assessments relating to your organisation and what it means for you. This assessment can naturally feed into automated protection mechanisms.

This roundup of security requirements and features is a summary of what we need to look for in our security approach as we hurtle towards digitisation and a predominantly cloud based environment. In our next installment, we will discuss some practical solutions and explain what is now being termed the Secure Internet Gateway.

 

It Starts with Policy: How to Secure the Cloud

So now we have confirmed what we already knew, the era of digitisation is bringing unimaginable opportunities for business innovation and differentiation. The big BUT is that our traditional approach to securing IT assets needs to be transformed and be relevant for the emerging world of large scale remote working, cloud based applications and massive increases in connected devices.

 

Our starting point in addressing the new cyber security approach must be policy based. It is vital to have a policy that is agreed at Executive level. The policy needs to identify the risks to the business of compromised information systems which could result in severe financial loss and reputational damage. The importance of securing these systems and the roles and responsibilities of everyone in the organisation needs to be clearly communicated. Having an effective policy is also a necessary step not just for good governance but also an important step on the journey to meeting statutory requirements such as PCI or GDPR compliance.

 

The policy of necessity should look at all aspects of the day to day user access, processing and storage of information, identify the risks for each component and identify the controls that are necessary to mitigate that risk. In a previous blog we identified some of these key controls which include;

 

  • Education and Awareness: train users to adopt a security conscious culture
  • Securing Configurations: to protect systems from vulnerabilities
  • Secure Network Connectivity: follow industry best practices and design approaches
  • Managing User Privileges: ensure users do not have unnecessary privileges that can be exploited
  • Effective Incident Management: reduce the impact of a cyber breach and aid speedy resolution
  • Malware Prevention: ensure good anti-malware practices are implemented to prevent infection
  • Systems Monitoring: detect how systems are used and if they have been attacked
  • Remote working: ensure that an effective secure remote policy and controls are in place

 

All of the above controls (and some) will be necessary for GDPR compliance and an area that to date has often been ignored by SMBs is systems monitoring. This will certainly need to change with one requirement of GDPR for detailed breach notification.

 

The above policies and their associated controls could go a long way creating a more secure business environment that is able to mitigate risk before, during and after a cyber attack. So the simple message is that policy must underpin and be the foundation for any kind technology or people solution to security organisations from cyber breaches.

 

In the next edition of our blog, we will begin to explore what some of the technological solutions should look like and the benefits they could bring if correctly deployed.